# SEPA Secure payments using Checkout
XGateway supports deposits with the preliminary creation of [invoices](https://docs.xgateway.tech/payment-flows#invoice) at a fixed exchange rate. This is the recommended integration method, as it provides merchants with ready-made UI for accepting deposits in EUR, GBP and USD.
### Creating an invoice
{% hint style="danger" %}
VPN usage may block a customer from passing KYC checks. It is highly recommended to warn customers not to use VPN (including [Apple Private Relay](https://support.apple.com/en-us/102602)).
{% endhint %}
In order to create a Fixed Rate Invoice in the payment processing system, you need to make a `POST` request to the Invoice API endpoint.
URLs
For tests use Demo env:
For production:
[https://api.xgateway.tech/api/v2/invoices](https://api.demo.xgateway.tech/api/v2/invoices)
The XGateway provides one [API endpoint](https://docs.xgateway.tech/integration-guides/advanced-features-of-invoice-creation), which automatically defines a corresponding payment method based on the input parameters provided by the merchant. Below are examples of a payload to create an invoice for a SEPA Secure deposit in such currencies as EUR or GBP.
{% hint style="success" %}
The system will **skip** all XGateway **intermediate pages** and redirect the customer directly to the payment method, but **only if all required data is provided**. Integration can be implemented and tested with the mandatory fields alone; however, it is **highly recommended to proceed with pre-filled forms**, as this can dramatically simplify the flow for the end user and improve conversion. Please don't forget to check the [pre-population section](https://docs.xgateway.tech/advanced-features-of-invoice-creation#pre-populate-the-form-for-kyc) and the guide on conversion optimisation down below.
{% endhint %}
{% hint style="warning" %}
Please read [this](https://docs.xgateway.tech/miscellaneous/invoice-currencies) page about the difference between base currency and payment currency.
{% endhint %}
Create an invoice:
```json
{
"orderId": "order-test-prod",
"customerId": "test-prod2025",
"baseCurrency": "EUR",
"paymentCurrency": "EUR",
"amount": 100
}
```
Create and activate invoice **(opens the payment method directly)**:
```json
{
"orderId": "order-test-prod",
"customerId": "test-prod2025",
"baseCurrency": "EUR",
"amount": 100,
"paymentCurrency": "EUR",
"customerFirstName": "John",
"customerLastName": "Doe",
"customerEmail": "john.doe@gmail.com",
"customerCountry": "AU"
}
```
{% hint style="warning" %}
If you get a bad request response without exact information about the erroneous field, please check the syntax of the request.
{% endhint %}
The request returns a link to a correspondingly configured Checkout page.
The Checkout page will lead the customer through a KYC if this is the first deposit.
{% hint style="info" %}
A KYC process on production environment usually takes up to 3 minutes. In some cases, when a customer is sent for a manual review, the process may take up to [24 hours.](https://docs.sumsub.com/docs/full-kyb-regulations)
{% endhint %}
If the KYC is soft failed (for example, due to address or date of birth mismatch), the Checkout page will allow the customer to go through the KYC again and correct the error.
This Checkout page will eventually provide the customer with a virtual bank account number (IBAN) that must be used as an address for deposits.
The created IBAN remains active forever, considering the customer is active. If the IBAN was not used at all or was used long time ago (3 to 6 months ago) - XGateway team may deactivate the IBAN.
Remember to authorise the request with your key using `x-api-key` header.
The default lifetime of an invoice is 15 minutes.
### iFrame or redirect
The URL returned by the invoice creation API can be used in two ways: as a redirect or within an iFrame.
In case of a redirect, the user is sent to a new page, where they complete the payment. This can be done using a new tab too. A redirect is an option with less effort.\
When the deposit is done, the user is redirected back to your app: either to the dynamic URL specified in the redirectUrl [parameter](https://docs.xgateway.tech/advanced-features-of-invoice-creation#the-invoice-creation-api) or to a pre-set static URL.
The invoice URL may also be used in an iFrame. Please check [this](https://docs.xgateway.tech/miscellaneous/iframe-setup) page for detailed instructions on the iFrame setup.
### Limits
The invoice creation API validates the amount value.
{% hint style="danger" %}
An invoice will not be created, if the amount exceeds the limits.
{% endhint %}
Invoice limits
| Currency | Min value | Max value |
| -------- | --------- | --------- |
| EUR | 1 | - |
| GBP | 1 | - |
| USD | 1 | - |
### Processing a callback
When a customer makes a deposit, XGateway detects the transaction and sends a deposit callback to the merchant. Please visit[ this page](https://docs.xgateway.tech/miscellaneous/how-to-process-the-callback/transaction-callback-for-deposit-and-withdraw) for further information about the callbacks.
{% hint style="warning" %}
Callbacks for Withdraw requests will be sent to the same URL. Make sure to properly filter callbacks by type.
{% endhint %}
If your system stores the bank details of customers received from XGateway, please make sure to properly process [KYC status reversal](https://docs.xgateway.tech/miscellaneous/how-to-process-the-callback/kyc-callback), which may happen.
### Confirming a transaction
{% hint style="danger" %}
Due to security risks, merchants *must* use our [API endpoint](https://docs.xgateway.tech/miscellaneous/deposit-data-confirmation) to request transaction details. XGateway is not liable for issues caused by relying only on callback data.
{% endhint %}
To confirm the callback is valid, please use the [API endpoint](https://docs.xgateway.tech/miscellaneous/deposit-data-confirmation).
### Testing SEPA Secure deposits on Demo environment
Check [this page](https://docs.xgateway.tech/miscellaneous/sepa-secure-service-api/testing-sepa-secure-deposits) for ways to test the integration.
### Improving the conversion rate of bank transfers
#### Default flow
The standard bank transfer deposit flow includes **four key steps**:
1. **KYC Form** – The customer enters personal details like address, country, city, and postcode.
2. **KYC Verification (SumSub Widget)** – The customer uploads proof of address and identity.
3. **Bank Account Creation Form** – The customer provides their first name, last name, email, and other details to create a bank account.
4. **Requisites Page** – The IBAN is displayed to the customer.
{% hint style="info" %}
Steps 1 and 2 are **always required** and must be completed via our checkout page before a bank account can be created. Step 3 is optional though.
{% endhint %}
* **Experience**:
* **4 steps** for first invoice setup
* **2 steps** for recurring payments
* **Impact**: Slower onboarding and more friction for returning users
#### Optimised Flow with Optional Fields
While the base Invoice creation flow only requires mandatory fields, including the following **optional fields** during invoice creation can significantly streamline the user experience:
* `paymentCurrency`
* `customerCountry`
* `customerFirstName`
* `customerLastName`
* `customerEmail`
These values are usually already known when generating an invoice. Supplying them upfront allows the customer to skip the bank account creation form entirely (Step 3).
* **Experience**:
* **3 steps** for first invoice setup
* Direct redirection **(1 step)** to **Requisites** page for recurring payments
* **Impact**: Seamless user journey and faster payment completion
Comparison of flows with incomplete customer information and fully filled customer data.
